The Silicon Review
07 February, 2018
More embarrassing than just misspelled words - a critical blemish was found in the Chrome and Firefox browser extensions of the English-language writing-enhancement platform Grammarly. The bug was nothing less than a gaping security hole in the Grammarly browser extension that left about 22 million users’ accounts, including personal documents and records, vulnerable to remote hackers.
Reported on February 2 by Tavis Ormandy of Google Project Zero, the bug is of high severity. According to Tavis, any website that a Grammarly user visits could steal the user's authentication tokens, which is more than enough to gain access to the user's account and take control of everything without permission. The worst part is that remote attackers could do this with just 4 lines of JavaScript code. Tavis also provided a proof-of-concept (PoC) exploit in his vulnerability report, explaining how easily a hacker can make use of this serious flaw to steal a Grammarly user's access token.
“I am calling this a high severity bug as it seems like a pretty severe violation of user expectations,” Tavis said in his vulnerability report. “Users would never expect that visiting a site gives it permission to access documents or data they have typed into other sites.”
To secure all its users’ data, Grammarly quickly fixed the bug in the Chrome Web Store, and Mozilla confirmed that the Firefox version of the extension was also rolled out to users.
"We're continuing to monitor actively for any unusual activity. The security issue potentially affected text saved in the Grammarly Editor. This high severity bug didn’t affect the Grammarly Keyboard or Grammarly Microsoft Office add-on. The bug is fixed, and there is no action required by Grammarly users," a Grammarly spokesperson said.